CVE-2022-39285 - OpenCVE

Vendors	Products
Zoneminder	Zoneminder

Link	Resource
http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d	Patch Third Party Advisory
https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59	Patch Third Party Advisory
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433	Exploit Patch Third Party Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39285", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2023-03-27T00:00:00", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-10-07T00:00:00"}, "containers": {"cna": {"title": "Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current \"tr\" \"td\" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the \"view=log\" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging."}], "affected": [{"vendor": "ZoneMinder", "product": "zoneminder", "versions": [{"version": "< 1.36.27", "status": "affected"}, {"version": ">= 1.37.0, < 1.37.24", "status": "affected"}]}], "references": [{"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433"}, {"url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"}, {"url": "https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59"}, {"url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "GHSA-h6xp-cvwv-q433", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "matchCriteriaId": "10716E28-69E6-4AD6-9D8E-3DB416BD68B1", "versionEndExcluding": "1.36.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "matchCriteriaId": "45B12B91-B262-4E82-964C-D2CB074D4FDF", "versionEndExcluding": "1.37.24", "versionStartExcluding": "1.37.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current \"tr\" \"td\" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the \"view=log\" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging."}, {"lang": "es", "value": "ZoneMinder es una aplicaci\u00f3n de software de televisi\u00f3n en circuito cerrado gratuita y de c\u00f3digo abierto El par\u00e1metro de archivo es susceptible a una vulnerabilidad de tipo cross site scripting (XSS) al retroceder los corchetes \"tr\" \"td\" actuales. Esto permite entonces a un usuario malicioso proporcionar c\u00f3digo que ser\u00e1 ejecutado cuando un usuario visualice el registro espec\u00edfico en la p\u00e1gina \"view=log\". Esta vulnerabilidad permite a un atacante almacenar c\u00f3digo dentro de los registros que ser\u00e1 ejecutado cuando sea cargado por un usuario leg\u00edtimo. Estas acciones ser\u00e1n llevadas a cabo con el permiso de la v\u00edctima. Esto podr\u00eda conllevar a una p\u00e9rdida de datos y/o una explotaci\u00f3n posterior, incluyendo la toma de control de la cuenta. Este problema ha sido abordado en versiones \"1.36.27\" y \"1.37.24\". Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizarse deber\u00e1n deshabilitar el registro de la base de datos"}], "id": "CVE-2022-39285", "lastModified": "2023-03-27T18:15:11.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-10-07T21:15:11.397", "references": [{"source": "security-advisories@github.com", "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

JSON object

JSON object

JSON object